A slew of Australia’s critical infrastructure service providers and union groups have lambasted the federal government’s critical infrastructure cyber laws due to it requiring organisations to install third-party software onto their systems if they are deemed to not be “technically capable” of managing cyberthreats.
Roger Somerville, Amazon Web Services’ (AWS) ANZ public policy head, said the need for new cybersecurity laws was apparent, but he remained critical of the software installation scheme contained within the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022.
The Bill contains outstanding elements of cyber laws passed by the Parliament last year, per recommendations from the parliamentary committee that is currently reviewing the laws. Among these outstanding elements are requirements for entities deemed “most important to the nation” to adhere to enhanced cybersecurity obligations, such as potentially installing third-party software.
Addressing the parliamentary committee that is reviewing the Bill, Somerville said there is a lack of clarity on how the software installation scheme would operate, and that the federal government saying it would only be used as a “last resort” is not sufficient.
“We do acknowledge that the Australian government has told us that those sorts of powers would be more relevant